WCTC student Lucas Gallagher recently took first place in the 2017 Association of Information Technology Professionals National Collegiate Conference and Career Fair® (AITP-NCC) Cyber Security Challenge.

Fellow WCTC students Alex Nernberger and John Shegonee received honorable mention in the competition, held April 8 in St. Louis. The three were among more than 400 students from colleges and universities across the country who competed in a variety of different information technology (IT) contests. The challenge covered a broad spectrum of IT disciplines, ranging from PC Troubleshooting to Web Design, to Cyber Security. Gallagher found his name on the leaderboard more than once throughout the AITP-NCC, making the finals in the PC Troubleshooting event as well.

WraySec LLC., a Cyber Security Consulting firm, based out of the central Pennsylvania area, hosted the 2017 Association of Information Technology Professionals National Collegiate Conference and Career Fair® (AITP-NCC) Cyber Security Challenge at the Hyatt Regency St. Louis Arch. The AITPNCC is an annual conference dedicated to building relationships between collegiate students and the IT industry.

The AITP-NCC Security Challenge started with a qualification round, which saw more than 85 participants complete a qualification exam compromised of both knowledge-based and practical-based questions. The top 10 finalists from the qualification round moved onto the final round, competing in a puzzle-based cyber exercise competition. The puzzles, also known as challenges, were developed by WraySec and tailored to entry-level job roles and tasks in Defensive and Offensive Cyber Security Operations. The scoring was provided via WraySec's CyExNg, a Cyber Exercise Platform currently in open beta. CyExNg is designed to streamline the scoring of cyber exercises, ranging from internal training events to international cyber competitions, often referred to as a capture the flag or simply a 'CTF.'

This year's AITP-NCC Cyber Security Challenge included puzzles in 13 categories: Cryptography, Current Events, Database Security, Exploitation, Log Analysis, Network Forensics, Open Source Intelligence, Password Security, Physical Security, Regulation Knowledge, Reverse Engineering, Technical Knowledge, and Web Security. Participants had two and a half hours to complete as many puzzles as possible. As the participants completed each puzzle, they found a “flag” and submitted it for points.

WraySec CEO Justin Wray explained that a flag was essentially, “[a] piece of data, representing real-world data.” The level of realism did not stop there; the questions were formulated around the theme of the exercise: Supervisory Control and Data Acquisition (SCADA). SCADA encompasses the devices that link the physical world to the digital world.

“SCADA is a major area of interest in the cyber security field today. SCADA sounds like a big scary term because it is. We use SCADA devices to control power plants, water treatment facilities, train cars, traffic lights, you name it,” said WraySec COO Steve Collman.

Wray further explained, “[SCADA] is the control systems you rely on a daily basis, but never think about. We want the challenges to be as real-world as possible. The challenges need to be something that is not only relevant to the participants but also something that everyone can relate to.” Moreover, realistic it was; Herzog, a railway services company, featuring a lot of automation technology, was among the sponsors involved at this year's AITP-NCC.

“Competitions are an amazing learning experience and can be highly motivating for the participants," Wray said. “More important than winning is the ability to identify areas where you want to want to improve and focus more training.”